Authors: Juan Manuel García ¹; Tomás Navarrete ¹ and Carlos Orozco ²

Affiliations: ¹ Instituto Tecnológico de Morelia, Mexico; ² FIRA - Banco de México, Mexico

ISBN: 978-972-8865-63-4

Keyword(s): Intrusion detection, anomaly detection, time series analysis, Markov processes.

Related Ontology Subjects/Areas/Topics: Information and Systems Security; Intrusion Detection & Prevention

Abstract: We present an approach to anomaly detection based on the construction of a Hidden Markov Model trained on processor workload data. Based on processor load measurements, an HMM is constructed as a model of the system's normal behavior. Any observed sequence of processor load measurements that is unlikely to have been generated by the HMM is then considered an anomaly. We test our approach taking real data of a mail server processor load to construct an HMM and then we test it under several experimental conditions including simulated DoS attacks. We show some evidence suggesting that this method could be successful in detecting attacks or misuse that directly affect processor performance.

CC BY-NC-ND 4.0


Paper citation in several formats:
Manuel García J.; Navarrete T. and Orozco C. (2006). WORKLOAD HIDDEN MARKOV MODEL FOR ANOMALY DETECTION. In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006) ISBN 978-972-8865-63-4, pages 56-60. DOI: 10.5220/0002099700560060

@conference{secrypt06,
author={Juan {Manuel García} and Tomás Navarrete and Carlos Orozco},
title={WORKLOAD HIDDEN MARKOV MODEL FOR ANOMALY DETECTION},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006)},
year={2006},
pages={56-60},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002099700560060},
isbn={978-972-8865-63-4},
}

TY - CONF

JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006)
TI - WORKLOAD HIDDEN MARKOV MODEL FOR ANOMALY DETECTION
SN - 978-972-8865-63-4
AU - Manuel García, J.
AU - Navarrete, T.
AU - Orozco, C.
PY - 2006
SP - 56
EP - 60
DO - 10.5220/0002099700560060
